On Tue, 2008-05-27 at 14:08 -0400, Eric Paris wrote:
> I want thoughts on such a proposal. Obviously I'm going to have to put
> some real thought/care into how to handle 'overlapping' rules between
> security and non-security and stuff like that, but as a general idea
> what do people think?

At the risk of sounding like "we should take over the world", I think it
actually should be a good thing to have more users relying on the audit
subsystem, so I liked the idea.
Previously, on this same mailing list, we once discussed using
fields to route records across different systems. Perhaps it's time for
us to have a real look at a more generic solution for this? (Not that
I'm against adding another field, but since record routing is necessary
for several reasons, wouldn't it be desirable to have the right
infrastructure in place to handle those, say, in auditctl?)
-Klaus
--
Klaus Heinrich Kiwi <klausk(a)linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center